Télécharger

LCAP — Règles relatives à l’installation et à l’utilisation de programmes d’ordinateur (En
anglais seulement)
Effective January 15, 2015, Canada’s anti-spam law (commonly known as “CASL”) will
impose onerous restrictions and requirements for the commercial installation and use of
computer programs on another person’s computer system. The rules apply to almost any
computer program (not just malware/spyware/harmful programs) installed on almost any
computing device (including mobile phones) as part of a commercial activity (regardless of
expectation of profit). The rules have potentially serious implications for Canadian
businesses that distribute computer programs and for foreign businesses that distribute
computer programs to computer systems located in Canada. Unfortunately, the rules are
challenging to interpret and apply, and regulators have provided limited guidance.
Summary Of CASL Rules
Following is a summary of some key elements of CASL’s rules for the installation and use of
computer programs.

General Prohibition: CASL provides that, subject to important but limited
exceptions, a person must not, in the course of a commercial activity, either
install or cause to be installed a computer program on any other person’s
computer system, or cause an electronic message to be sent from any other
person’s computer system on which the person installed, or caused to be
installed, a computer program, unless the person has obtained the express
consent of the owner or an authorized user of the computer system. CASL
also prohibits aiding, inducing, procuring or causing to be procured a violation
of the rules regarding the installation and use of computer programs.

Broad Definitions: CASL broadly defines “computer program” (data
representing instructions or statements that, when executed in a computer
system, causes the computer system to perform a function), “computer
system” (one or more devices that contain computer programs or other data
and perform logic and control functions pursuant to computer programs),
“commercial activity” (any transaction, act or conduct of a commercial
character, regardless of expectation of profit) and “electronic message” (a
message sent by any means of telecommunication). CASL’s rules are not
limited to malware/spyware or other kinds of fraudulent or harmful computer
programs.

Geographic Scope: CASL’s rules apply if the computer system is located in
Canada at the relevant time, or if the person installing or directing the
installation or use of the computer program is in Canada at the relevant time.

Express Consent: CASL requires express consent to the installation of a
computer program on another person’s computer system or the sending of
messages from another person’s computer system. Subject to limited
exceptions, implied consent is not sufficient. Regulatory guidance explains that
CASL requires that express consent be obtained through an opt-in
mechanism. Accordingly, an individual must take a positive action to indicate
express consent; silence or inaction cannot be construed as providing express
consent.
Calgary | Montréal | Ottawa | Toronto | Vancouver
Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés
blg.com

Request for Consent - Standard Computer Programs: CASL requires that a
request for express consent must clearly and simply: (1) set out the purpose
for which the consent is sought; (2) describe, in general terms, the function
and purpose of the computer program that is to be installed if consent is given;
and (3) specify prescribed information regarding the identity and contact
details of the person seeking consent and any other person on whose behalf
the consent is sought. A request for consent must also contain a statement
indicating that the person whose consent is sought can withdraw their consent.

Consent for Updates/Upgrades: CASL’s rules apply to the installation of
updates and upgrades to a computer program. However, a person does not
have to obtain an additional express consent for a non-invasive update or
upgrade to a computer program if: (1) the computer program was installed with
express consent in accordance with CASL; (2) the person who gave the
consent is entitled to receive the update/ upgrade under the terms of the
express consent; and (3) the update/upgrade is installed in accordance with
those terms. Regulatory guidance confirms that consent to the installation of
future updates/upgrades to a computer program may be obtained at the same
time that consent is obtained for the original installation of the computer
program. CASL provides a time-limited transition provision for
updates/upgrades - a person’s consent to the installation of an update/upgrade
to a computer program that was installed on the person’s computer system
before January 15, 2015, is implied until the person gives notice that the
person no longer consents to the installation of updates/upgrades or until
January 15, 2018.

Deemed Consent for Certain Programs: CASL provides that a person is
considered to expressly consent to the installation of certain kinds of computer
programs (e.g. a cookie, HTML code, Java Scripts, an operating system or a
program that is necessary to correct a failure in the operation of a computer
system or program and is installed for that sole purpose) if the person’s
conduct is such that it is reasonable to believe that the person consents to the
program’s installation. Regulatory guidance indicates that certain kinds of
cookies might not be considered to be a computer program for the purposes of
CASL.

Request for Consent - Invasive Computer Programs: CASL imposes
additional requirements for valid consent to the installation of a computer
program that performs certain specified invasive functions (e.g. collecting
personal information stored on the computer system or causing the computer
system to communicate with another computer system or device without the
authorization of the owner or an authorized user of the computer system) that
a person knows and intends will cause a computer system to operate in a
manner that is contrary to the reasonable expectations of the owner or
authorized user of the computer system. A request for consent to the
installation of an invasive computer program must be separate and apart from
a license agreement and must include additional, separate disclosures of
prescribed information about the computer program’s invasive functions. A
valid consent to the installation of an invasive computer program must be
confirmed in writing (paper or electronic forms that satisfy specified
requirements) with express acknowledgement of the program’s invasive
functions. In addition, a person who obtains express consent to the installation
of an invasive computer program must, for a period of one year after the
computer program is installed, provide a procedure for removing or disabling
Calgary | Montréal | Ottawa | Toronto | Vancouver
Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés
blg.com
the computer program if the consent was based on an inaccurate description
of the material elements of the computer program.

Separate/Discrete Consent: Regulatory guidance explains that a consent to
the installation or use of a computer program on another person’s computer
system must be specific and separate from consents to other kinds of CASLregulated conduct (e.g. the sending of commercial electronic messages), and
must not be subsumed in, or bundled with, requests for consent to the general
terms and conditions of use or sale.

Burden of Proof: CASL provides that a person who alleges they have
consent to the installation or use of a computer program on another person’s
computer system has the onus of proving the consent.

Extended Liability: CASL provides that employers are liable for a
contravention of CASL’s rules for the installation and use of computer
programs committed by their employees and agents within the scope of their
employment or authority, and corporate directors and officers are personally
liable if they direct, authorize or assent to, or acquiesce or participate in, a
contravention of CASL’s rules for the installation and use of computer
programs committed by their corporation. Employers, directors and officers
can avoid liability if they establish that they exercised “due diligence” to
prevent the contravention.

Penalties for Non-Compliance: Failure to comply with CASL’s rules for the
installation and use of computer programs can result in significant
administrative monetary penalties (up to $10,000,000 for organizations and
$1,000,000 for individuals). In addition, beginning in July 2017 a private right of
action will allow persons affected by a contravention of CASL’s rules for the
installation and use of computer programs to commence enforcement
proceedings and recover compensatory damages and statutory penalties (a
maximum of $1,000,000 for each day on which a contravention occurred).
Interpretation And Application
CASL’s rules for the installation and use of computer programs are challenging to interpret
because CASL uses broad and ambiguous terminology (e.g. “install or cause to be
installed”, “cause an electronic message to be sent”, “update or upgrade” and “operating
system”). As a result, the scope and application of the rules are uncertain. By way of
example only:

Online Software Distribution: Do the rules apply when software is
downloaded and installed using an automated online process (e.g. online
stores for mobile device apps) that is initiated by the computer system user? If
so, who is responsible for CASL compliance - the software vendor/ distributor,
the app store operator or both of them?

Automated Messages: Do the rules apply to the transmission of data (e.g.
diagnostic data or queries for software updates) that is sent automatically by a
computer program without human intervention? 
Updates: Do the rules apply to minor bug fixes or to updates to ancillary
databases?

Firmware: Is firmware a computer program or part of an operating system that
is exempted from the rules?
Calgary | Montréal | Ottawa | Toronto | Vancouver
Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés
blg.com
CASL’s rules for the installation and use of computer programs are challenging to apply
because in many situations it is either difficult or impossible for a software vendor/distributor
to request and obtain the express consent required by CASL. For example, popular software
distribution websites (including online stores for mobile device apps) currently do not have
processes to request, obtain and record express consents for the downloading and
installation of each program. As another example, many devices that qualify as a computer
system do not have the user interfaces necessary to request, obtain and record express
consents to the installation of updates/upgrades to firmware on the device or the automated
sending of electronic messages from the device.
Industry Canada and the CRTC have issued limited guidance that does not address some of
the most challenging aspects of CASL’s rules for the installation and use of computer
programs. The CRTC has indicated that additional guidance will be provided in the future.
Comment
CASL’s rules for the installation and use of computer programs come into force on January
15, 2015. In the absence of additional regulations or regulatory guidance, businesses that
directly or indirectly distribute computer software (including mobile apps distributed through
app stores and automated firmware updates) or receive messages from installed software
(including diagnostic data and automated update queries) should now be considering the
impact of CASL’s rules on their business activities and planning for compliance with those
rules.
Calgary | Montréal | Ottawa | Toronto | Vancouver
Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés
blg.com
BUREAUX BLG
Calgary
Montréal
Ottawa
Centennial Place, East Tower
1900, 520 - 3rd Avenue S.W.
Calgary, Alberta, Canada
T2P 0R3
1000, rue De La Gauchetière Ouest
Bureau 900
Montréal, Québec, Canada
H3B 5H4
World Exchange Plaza
100, rue Queen
Ottawa, Ontario, Canada
K1P 1J9
T T 403.232.9500
F F 403.266.1395
T 514-954-2555
F 514-879-9015
T 613.237.5160
F 613.230.8842
Toronto
Vancouver
Scotia Plaza
40 King Street West
Toronto, Ontario, Canada
M5H 3Y4
1200 Waterfront Centre
200, rue Burrard
Vancouver, Colombie-Britannique,
Canada
V7X 1T2
T 416.367.6000
F 416.367.6749
T 604.687.5744
F 604.687.1415
Cette publication n’est ni un avis juridique, ni un énoncé complet de la législation pertinente, ni un avis sur un
quelconque sujet. Personne ne devrait agir ni omettre d’agir sur la foi de celle-ci sans procéder à un examen
approfondi du droit après avoir soupesé les faits d’une situation précise. Vous êtes prié(e) de consulter un conseiller
juridique pour toute question ou préoccupation particulière. BLG ne garantit pas l’exactitude, la fiabilité ou
l’exhaustivité de cette publication. Il est interdit de reproduire, même partiellement, cette publication sans
l’autorisation écrite préalable de Borden Ladner Gervais s.e.n.c.r.l., s.r.l. (BLG). Si BLG vous a envoyé cette
publication et que vous ne souhaitez plus la recevoir, vous pouvez demander à faire supprimer vos coordonnées de
nos listes d’envoi en communiquant avec nous par téléphone au 1.877.BLG.LAW1 ou par courriel à
[email protected]. On trouvera la politique de protection des renseignements personnels de BLG en ce qui
a trait aux publications à l’adresse http://BLG.com/fr/AvisJuridique#ElectronicPrivacyPolicy_FR.
© 2015 Borden Ladner Gervais s.e.n.c.r.l., s.r.l.
Calgary | Montréal | Ottawa | Toronto | Vancouver
Avocats | Agents de brevets et de marques de commerce | S.E.N.C.R.L., S.R.L. (« BLG »). Tous droits réservés
blg.com